| purl | pkg:pypi/django@1.1.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-kuyz-3pxs-r7cv Aliases: CVE-2011-0696, GHSA-5j2h-h5hg-3wf8, PYSEC-2011-10, PYSEC-2011-30 | Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447. | Affected by 31 other vulnerabilities. |
| VCID-n6ps-f6s6-zkbj Aliases: CVE-2011-0697, GHSA-8m3r-rv5g-fcpq, PYSEC-2011-11, PYSEC-2011-31 | Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. | Affected by 31 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:38:04.185165+00:00 | GitLab Importer | Affected by | VCID-kuyz-3pxs-r7cv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2011-0696.yml | 38.6.0 |
| 2026-06-02T04:38:03.832168+00:00 | GitLab Importer | Affected by | VCID-n6ps-f6s6-zkbj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/Django/CVE-2011-0697.yml | 38.6.0 |